x/vulndb: potential Go vuln in github.com/dgraph-io/dgraph: GHSA-92wq-q9pq-gw47

[GoVulnBot]

In GitHub Security Advisory GHSA-92wq-q9pq-gw47, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/dgraph-io/dgraph	23.0.0	< 23.0.0

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/dgraph-io/dgraph
    versions:
      - fixed: 23.0.0
    packages:
      - package: github.com/dgraph-io/dgraph
summary: Dgraph Audit Log Encryption Vulnerability
description: |-
    ### Impact
    Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions.  All audit logs generated by versions of Dgraph <v23.0.0 are affected.

    ### Patches
    This issue was patched in https://github.com/dgraph-io/dgraph/pull/8323.  Dgraph users should upgrade to v23.0.0.

    ### Workarounds
    Store existing audit logs in a secure location.  For extra security, encrypt using a tool like `gpg`.

    ### References
    See https://github.com/dgraph-io/dgraph/pull/8323 for more context on the vulnerability.
cves:
  - CVE-2023-31135
ghsas:
  - GHSA-92wq-q9pq-gw47
references:
  - advisory: https://github.com/dgraph-io/dgraph/security/advisories/GHSA-92wq-q9pq-gw47
  - fix: https://github.com/dgraph-io/dgraph/pull/8323
  - web: https://github.com/dgraph-io/dgraph/releases/tag/v23.0.0
  - advisory: https://github.com/advisories/GHSA-92wq-q9pq-gw47

[tatianab]

Duplicate of #1781